WORM_BAGLE.BF
This malware was reported by: Trendmicro
 This memory-resident BAGLE variant uses its own SMTP engine to mass-mail copies of TROJ_BAGLE.AA to target recipients, which it gathers from files downloaded from several Web sites.

Gael.3666.A
This malware was reported by: Computer Associates
Description Win32.Gael.3336.A is a virus that infects Win32 PE files by appending itself to the original file.

Trojan.Pistmi
This malware was reported by: Symantec
Trojan.Pistmi is a Trojan horse that attempts to open a back door on a predetermined Web server by exploiting the Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (as described in the Microsoft Security Bulletin MS01-023).

Gaobot.JKO
This malware was reported by: Panda Software
 Gaobot.JKO is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to log keystrokes, send spam, launch DoS (Denial of Service) attacks, download files, etc.This worm also end

Gaobot.JKK
This malware was reported by: Panda Software
 Gaobot.JKK is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to log keystrokes, send spam, launch DoS (Denial of Service) attacks, download files, etc.This worm also end

IM-Worm.Win32.VB
This malware was reported by: F-Secure


NOT-VIRUS
This malware was reported by: F-Secure


P2P-Worm
This malware was reported by: F-Secure
P2P (peer-to-peer) Network Worm (generic description) A peer-to-peer network (P2P) worm is usually a standalone program that spreads using P2P (peer-to-peer) networks. There are a few well-known P2P networks - Gnutella, Kazaa, Morpheus and so on. US

Glieder.AS
This malware was reported by: Computer Associates
Description Win32.Glieder.AS is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-

TROJ_BAGLE.BI
This malware was reported by: Trendmicro
 To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.

SdBot.ADA
This malware was reported by: F-Secure


Glieder.AT
This malware was reported by: Computer Associates
Description Win32.Glieder.AT is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-

Downloader-TQ
This malware was reported by: Network Associates Inc


Downloader-VS
This malware was reported by: Network Associates Inc


Galapoper.C
This malware was reported by: Panda Software
 Galapoper.C is a backdoor that connects to several websites that host a PHP script, in order to download a file that contains remote control commands, such as download and run other files or update itself. This file could be different for each affected c

SYMBOS_BLANFON.A
This malware was reported by: Trendmicro
 

W32.Beagle.CE@mm
This malware was reported by: Symantec
W32.Beagle.CE@mm is a mass-worm that uses its own SMTP engine to send out copies of Trojan.Tooso.L. The worm also opens a back door on the compromised computer on TCP port 80.

Trojan.Tooso.L
This malware was reported by: Symantec
Trojan.Tooso.L is a Trojan horse that interferes with the operation of security software by ending processes, stopping services, removing registry entries, and deleting files.

Adware-SmartSearch
This malware was reported by: Network Associates Inc


Adware-SmartSearch.dldr
This malware was reported by: Network Associates Inc


Bagle.BQ
This malware was reported by: Computer Associates
Description Win32.Bagle.BQ is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32

Bagle.CF
This malware was reported by: F-Secure


Bagle.BX
This malware was reported by: F-Secure
Another new Bagle variant - Bagle.BX has been found on August 8th, 2005. This variant is very similair to Bagle.BY. For details, see description of Bagle.BY: http://www.f-secure.com/v-descs/bagle_by.shtml

SpamNet.A
This malware was reported by: Panda Software
 SpamNet.A is a Trojan that is run when visiting a website for adults. It downloads and runs some files, which, at the same time, download and run other malware, causing a multiple infection in the affected computer, including Trojans, adware, dialers and

Bagle.CI
This malware was reported by: F-Secure
Another new Bagle variant - Bagle.CI has been found on August 12th, 2005. This Bagle sends infected messages containing another Bagle-related component, Bagle.CF. The worm also contains a backdoor that listens on TCP port 80.

Bagle.CH
This malware was reported by: F-Secure


Adware-Cometsys
This malware was reported by: Network Associates Inc


Bagle.CK
This malware was reported by: F-Secure


BackDoor-CCT
This malware was reported by: Network Associates Inc


TROJ_BAGLE.BJ
This malware was reported by: Trendmicro
 

Adware-SpywareWall
This malware was reported by: Network Associates Inc


WORM_BAGLE.CG
This malware was reported by: Trendmicro
 Like other BAGLE variants, this memory-resident worm utilizes a Trojan downloader to propagate. It uses its own SMTP engine to mass-mail copies of TROJ_BAGLE.BI to target recipients, while the said Trojan, in turn, downloads a copy of this worm into

Backdoor.Nibu.N
This malware was reported by: Symantec
Backdoor.Nibu.N is a Trojan horse that opens a back door on a compromised computer and blocks access to security-related Web sites. It also runs a keylogger, periodically sending the stolen information to a predetermined email address.

Trojan.Cmapp
This malware was reported by: Symantec
Trojan.Cmapp is a Trojan horse that may display advertisements and download updates from the Internet.

TROJ_BAGLE.BK
This malware was reported by: Trendmicro
 A Trojan application is a malware with no capability to spread into other systems. They may be unknowingly downloaded from the Internet or manually installed by unsuspecting users.

Zotob.A
This malware was reported by: F-Secure
Zotob.A is a Mytob clone that spreads using a vulnerability in Windows Plug and Play service (MS05-039).

W32.Zotob.A
This malware was reported by: Symantec


W32/Zotob.worm
This malware was reported by: Network Associates Inc
This worm exploits the MS05-039 vulnerability.  There are at least 2 other W32/Sdbot based worms know to exist that also exploit this vulnerability.  They may be seen with the filenames pnpsrv.exe or winpnp.exe.  See http://vil.nai.com/vil

W32/Sdbot.worm!MS05-039
This malware was reported by: Network Associates Inc
In typical Sdbot evolutionary fashion, MS05-039 exploit code has been added to the Sdbot virus family.  The same activity happened around DcomRPC, LSASS, and a host of other common vulnerabilities.  This description covers the initial MS05-0

Zotob.A
This malware was reported by: Panda Software
 Zotob.A is a worm that connects to an IRC server in order to receive remote control commands, such as delete, download and run files.Aditionally, it prevents users from accessing certain web pages, mostly belonging to antivirus companies.Zotob.A spreads

WORM_ZOTOB.A
This malware was reported by: Trendmicro
 To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.

W32.Zotob.B
This malware was reported by: Symantec


W32.Spybot.UBH
This malware was reported by: Symantec
W32.Spybot.UBH is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039)

W32/Zotob.worm.b
This malware was reported by: Network Associates Inc
This self-executing worm spreads by exploiting Windows2000 MS05-039 vulnerable systems in order to instruct those systems to download and execute the worm. On Demand Scans may detect this threat as New Malware.n with the 4451 DAT files or n

WORM_ZOTOB.B
This malware was reported by: Trendmicro
 To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.

Zotob.B
This malware was reported by: Computer Associates
Description Win32.Zotob.B is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability (MS05-039). The worm also ac

Zotob.A
This malware was reported by: Computer Associates
Description Win32.Zotob.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability (MS05-039). The worm also ac

DlWreck.K
This malware was reported by: Computer Associates


Rbot.DGF
This malware was reported by: Computer Associates


Glieder.AU
This malware was reported by: Computer Associates
Description Win32.Glieder.AU is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-

Glieder.AV
This malware was reported by: Computer Associates
Description Win32.Glieder.AV is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-

Betalire Family
This malware was reported by: Computer Associates


Bagle.BR
This malware was reported by: Computer Associates
Description Win32.Bagle.BR is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32

Bagle.BS
This malware was reported by: Computer Associates
Description Win32.Bagle.BS is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32

Zotob.B
This malware was reported by: F-Secure
Zotob.B is a minor variant of Zotob.A. It spreads using a vulnerability in Windows Plug and Play service (MS05-039).

Fantibag.D
This malware was reported by: Computer Associates
Description Win32.Fantibag.D is a trojan that creates filters for IPv4 packets to block access to many and varied antivirus company domains. It has been distributed

Zotob.B
This malware was reported by: Panda Software
 Zotob.B is a worm that connects to an IRC server in order to receive remote control commands, such as delete, download and run files.Aditionally, it prevents users from accessing certain web pages, mostly belonging to antivirus companies.Zotob.B spreads

HTML
This malware was reported by: F-Secure


Phishbank
This malware was reported by: F-Secure


W32/Zotob.worm.gen
This malware was reported by: Network Associates Inc
This is a generic detection of Zotob variants.  For more specific details see: W32/Zotob.worm W32/Zotob.worm.b Top of Page

IRCBot.es
This malware was reported by: F-Secure
This IRC-based backdoor-worm was found on August 15th, 2005 in Finland. The backdoor provides unauthorised access to an infected computer and also has the capability to spread to remote computers using the PnP exploit on port 445.

JS/Downloader-AED
This malware was reported by: Network Associates Inc


WORM_RBOT.CBJ
This malware was reported by: Trendmicro
 This worm propagates via network shares. It drops copies of itself into available C$ shares in the network. It also uses its own list of user names and passwords to access password-protected shares.

QLowZones-15
This malware was reported by: Network Associates Inc


WORM_ZOTOB.C
This malware was reported by: Trendmicro
 To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below:

W32.Zotob.C@mm
This malware was reported by: Symantec
W32.Zotob.C@mm is a mass-mailing worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) on TCP port 445.

Mitglieder.DA
This malware was reported by: Computer Associates
Description Win32.Mitglieder.DA is a trojan that opens a backdoor on an infected machine, and acts as a SOCKS 4 proxy. The trojan also periodically contacts web site

W32.Esbot.A
This malware was reported by: Symantec


Zotob.C
This malware was reported by: F-Secure
Zotob.C is a new variant of Zotob. It spreads using a vulnerability in Windows Plug and Play service (MS05-039) and ASN.1 (MS04-007). This variant also has Mydoom e-mail spreading routine.

Zotob.C
This malware was reported by: Computer Associates
Description Win32.Zotob.C is a worm that attempts to spread by e-mail, and by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability (M

W32.Bobax.AF@mm
This malware was reported by: Symantec
W32.Bobax.AF@mm is a mass-mailing worm that opens a back door, downloads remote files, and lowers security settings on the compromised computer. The worm spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as descri

W32/Mydoom.bv@MM
This malware was reported by: Network Associates Inc


W32/Zotob.worm.c
This malware was reported by: Network Associates Inc
This variant is capable of mass-mailing itself using its own SMTP engine. This worm exploits the MS05-039 vulnerability.  See http://vil.nai.com/vil/content/v_135434.htm This self-executing worm spreads by exploiting Windows2000 MS05-039

W32.Randex.EUS
This malware was reported by: Symantec
W32.Randex.EUS is a network-aware worm that spreads to network shares protected by weak passwords. The worm also opens a back door on the compromised computer and may be remotely controlled through IRC channels.

W32/Zotob.worm!hosts
This malware was reported by: Network Associates Inc
This detection is for the change in the host file as a result of executing the W32/Zotob.worm virus.  The local hosts file is appended to contain several comments at the bottom. Top of Page

WORM_DRUDGEBOT.A
This malware was reported by: Trendmicro
 This memory-resident worm takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding this vulnerability, please refer to the following Microsoft Web page:

W32.Zotob.D
This malware was reported by: Symantec


QLowZones-27
This malware was reported by: Network Associates Inc


WORM_RBOT.CBQ
This malware was reported by: Trendmicro
 As of August 16, 2005 at 5:12 PM (Pacific Daylight Time), TrendLabs has declared a Medium Risk alert in order to control the spread of this RBOT variant. Infection reports have been received from Japan and the United States.

W32/IRCbot.worm!MS05-039
This malware was reported by: Network Associates Inc
-- Update August 19, 2005 -- Due to a decrease in prevalence W32/IRCbot.worm!MS05-039 is being lowered to Low-Profiled risk. -- -- Update August 17, 2005 -- Due to a decrease in reports of new infections, W32/IRCbot.worm!MS05-039 is

WORM_RBOT.CBR
This malware was reported by: Trendmicro
 This memory-resident worm takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding this vulnerability, refer to the following Microsoft Web page:

WORM_ZOTOB.D
This malware was reported by: Trendmicro
 As of August 16, 2005 at 5:12 PM (Pacific Daylight Time), TrendLabs has declared a Medium Risk alert in order to control the spread of this ZOTOB variant. Infection reports have been received from Brazil and the United States.

Zotob.D
This malware was reported by: F-Secure
We changed detection name for Zotob.D to Bozori.A. Please see the following description of Bozori.A: http://www.f-secure.com/v-descs/bozori_a.shtml

W32.Zotob.E
This malware was reported by: Symantec


WORM_BOBAX.AD
This malware was reported by: Trendmicro
 This worm propagates by sending a copy of itself to email addresses harvested from the default address book of the system. It uses its own SMTP (Simple Mail Transfer Protocol) engine for its mailing routine, making it simpler for this worm to send o

IRCBot.et
This malware was reported by: F-Secure
A new variant of a bot spreading the Plug and Play service (MS05-039) vulnerability has been found on August, 16th 2005.

Adware-Searcher
This malware was reported by: Network Associates Inc


MS05-039!exploit
This malware was reported by: Computer Associates


Peabot.A
This malware was reported by: Computer Associates


Rbot.DGH
This malware was reported by: Computer Associates
Description Win32.Esbot.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability. The worm can also be used a

Drugtob.B
This malware was reported by: Computer Associates
Description Win32.Drugtob.B is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability(MS05-039). The worm also a

W32.Zotob.F
This malware was reported by: Symantec


Tpbot.A
This malware was reported by: Computer Associates


Esbot.A
This malware was reported by: Computer Associates
Description Win32.Esbot.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability. The worm can also be used a

W32/Zotob.worm.d
This malware was reported by: Network Associates Inc
This worm exploits the MS05-039 vulnerability.  There are at least 2 other W32/Sdbot based worms know to exist that also exploit this vulnerability.  They may be seen with the filenames pnpsrv.exe or winpnp.exe.  See http://vil.nai.com/vil

Esbot.B
This malware was reported by: Computer Associates
Description Win32.Esbot.B is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability. The worm can also be used a

Zotob.D
This malware was reported by: Panda Software
 Zotob.D is a worm that connects to several IRC servers in order to receive remote control commands to be carried out on the affected computer.Additionally, it searches for adware and spyware programs, as well as previous variants of itself, and it delete

Bozori.B
This malware was reported by: F-Secure
This IRC-based backdoor-worm was found on August 17th, 2005. The backdoor provides unauthorised access to an infected computer and also has the capability to spread to remote computers using the PNP exploit.

IRCbot.KC
This malware was reported by: Panda Software
 IRCbot.KC is a worm that connects to several IRC servers in order to receive remote control commands, such as delete, download and run files.IRCbot.KC spreads across the Internet, by exploiting the Plug and Play vulnerability. If you have a Windows

Bozori.A
This malware was reported by: F-Secure
This IRC-based backdoor-worm was found on August 16th, 2005. The backdoor provides unauthorised access to an infected computer and also has the capability to spread to remote computers using the PNP exploit.


Anti virus links

Anti-virus programs
Virus history
Top-100 malware
Svenska
Antivirus programs


Sitemap


Anti virus and malware

  Anti virus